CVE-2009-1326

Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2009-1326. PoCs published by Vinod Sharma, Cyber-Zone, Stack.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in RM Downloader 3.0.2.1 via a maliciously crafted M3U file. It leverages a JMP ESP instruction from RDcodec02.dll to execute shellcode that spawns calc.exe.

Description

Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Vinod Sharma · perllocalwindows
https://www.exploit-db.com/exploits/10423

This exploit targets a stack overflow vulnerability in RM Downloader 3.0.2.1 via a maliciously crafted M3U file. It leverages a JMP ESP instruction from RDcodec02.dll to execute shellcode that spawns calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: RM Downloader 3.0.2.1
No auth needed
Prerequisites: Victim must open the malicious M3U file with RM Downloader
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Cyber-Zone · perldoswindows
https://www.exploit-db.com/exploits/8404

This Perl script generates a malicious .M3U file that triggers a local stack overflow in RM Downloader when parsed. The exploit uses a long HTTP URL (26109 'A' characters) to overwrite the EIP register, demonstrating a classic buffer overflow vulnerability.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: RM Downloader (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file with RM Downloader
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Stack · perllocalwindows
https://www.exploit-db.com/exploits/8410

This exploit targets a stack overflow vulnerability in RM Downloader 3.0.0.9 via a maliciously crafted .m3u file. It uses a long HTTP URL followed by a return address and shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: RM Downloader 3.0.0.9
No auth needed
Prerequisites: Victim must open the malicious .m3u file with RM Downloader
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8403

This Perl script generates a malicious .M3U file that triggers a local stack overflow in WM Downloader when parsed. The exploit uses a long HTTP URL (26121 'A' characters) to overwrite the stack and control EIP, demonstrating a classic buffer overflow vulnerability.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WM Downloader (version unspecified)
No auth needed
Prerequisites: Victim must open the crafted .M3U file in WM Downloader
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8405

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream RM-MP3 Converter when opened. The exploit uses a long HTTP URL string to overwrite the stack, leading to arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream RM-MP3 Converter
No auth needed
Prerequisites: Victim must open the malicious .M3U file with the vulnerable software
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8402

This Perl script generates a malicious .M3U file that triggers a local stack overflow in Mini-stream Ripper when opened. The exploit uses a long HTTP URL string (26129 'A' characters) to overwrite the stack, leading to arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mini-stream Ripper
No auth needed
Prerequisites: Victim must open the malicious .M3U file in Mini-stream Ripper
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
perldoswindows
https://www.exploit-db.com/exploits/8407

This Perl script generates a malicious .M3U file that triggers a local stack overflow in ASX to MP3 Converter when processed. The exploit uses a long HTTP URL string (26121 'A' characters) to overwrite the stack and crash the application, demonstrating a buffer overflow vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ASX to MP3 Converter (version unspecified)
No auth needed
Prerequisites: Victim must open the malicious .M3U file with ASX to MP3 Converter
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8410
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34647
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8404
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34494
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49843

Scores

EPSS 0.2775
EPSS Percentile 96.6%

Details

CWE
CWE-119
Status published
Products (1)
mini-stream/rm_downloader 3.0.0.9
Published Apr 17, 2009
Tracked Since Feb 18, 2026